[Bug 526918] New: Change default passwd hash algorithm to sha512
http://bugzilla.novell.com/show_bug.cgi?id=526918 Summary: Change default passwd hash algorithm to sha512 Classification: openSUSE Product: openSUSE 11.2 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: bitdealer@gmail.com QAContact: qa@suse.de Found By: --- Please be so kind to change the default hashing algorithm that gets used by passwd and friends to something more secure than md5 in /etc/default/passwd (preferable sha512). And before you ask, Yes, I have my tin foil hat on ;D -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=526918 http://bugzilla.novell.com/show_bug.cgi?id=526918#c1 Stephan Kleine <bitdealer@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|Security |Security Product|openSUSE 11.2 |openSUSE 11.3 --- Comment #1 from Stephan Kleine <bitdealer@gmail.com> 2010-02-08 18:35:38 UTC --- Changing product to 11.3 since 11.2 already got released so it hopefully gets changed for the next release. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=526918 http://bugzilla.novell.com/show_bug.cgi?id=526918#c2 Thomas Biege <thomas@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |FEATURE --- Comment #2 from Thomas Biege <thomas@novell.com> 2010-02-09 11:16:24 UTC --- The easiest and correct way to introduce new or change existing features is to use openFATE: http://de.opensuse.org/OpenFATE -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=526918 http://bugzilla.novell.com/show_bug.cgi?id=526918#c3 --- Comment #3 from Stephan Kleine <bitdealer@gmail.com> 2010-02-09 12:36:19 UTC --- I seriously don't understand how not using an outdated / unsecure hashing algorithm qualifies as "feature" instead of a security bug but however .... : https://features.opensuse.org/308966 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=526918 http://bugzilla.novell.com/show_bug.cgi?id=526918#c4 --- Comment #4 from Thomas Biege <thomas@novell.com> 2010-02-09 15:29:29 UTC --- What security problems do you see for using md5 as password hash? Has upstream switched to sha512 as default algorithm? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com